Version 2.2.21 - Sherbrooke
-------------------------------
Core - General
- Fixes BR 12714 inherited content Fields from a base templates are missing in child templates (backend edit);
- Fixes BR 12713 Pages extended of a page base can't be edited, if they don't contain a {content} tag;
- Fixes a typo in class ErrorPage: missing line break after #[\AllowDynamicProperties] directive;
Version 2.2.20 - Saguenay
-------------------------------
Core - General
- Compatibility fixes for PHP 8.2 and 8.3;
- Smarty upgraded to version 4.5.2 (latest of the stable 4.5.x branch);
- Made some changes to keep backward compatibility with previous versions of Smarty;
- Fixed BR #12683: we now truncate the item_name at 50 characters;
- Moved php files with functions to a specific folder tidying up for further changes;
- Deprecated cms_html_entity_decode: scheduled to be removed; PHP native html_entity_decode now supports UTF-8 properly;
- Fixed BRs #12677 and #12703: UDTs errors are now handled more gracefully - the error being triggered is shown on the popup;
- News module is no longer mandatory;
- New module added to core (UserGuide);
- Installer now supports optional modules (News and UserGuide);
- MenuManager is no longer installed back on upgrades;
Content Manager 1.1.13
- Fixed a typo in admin_editcontent.tpl;
CmsJobManager 1.0.0
- Considered a stable release, version is now 1.0.0;
- Compatibility fixes for PHP 8.2 and 8.3;
DesignManager 1.1.11
- Compatibility fixes for PHP 8.2 and 8.3;
FilePicker 1.0.8
- BR #12671 - fix FilePicker prefix error;
MicroTiny 1.6.5
- Compatibility fixes for PHP 8.2 and 8.3;
- Removed mt_jsbool as it is not needed any longer and was breaking Smarty compatibility;
Navigator 1.0.11
- Compatibility fixes for PHP 8.2 and 8.3;
News 2.51.13
- Compatibility fixes for PHP 8.2 and 8.3;
- News is now an optional module, no longer installed by default;
UserGuide 1.0.0
- Initial release;
Phar Installer Not SET
- Compatibility fixes for PHP 8.2 and 8.3;
- Supports core optional modules selection on advanced mode (currently News and UserGuide);
- Modified Smarty 4.2.1 enough to work with PHP 8.3;
- Regular Phar doesn't support Windows at this point while Expanded Phar does;
Version 2.2.19 - Selkirk
-------------------------------
Core - General
- BR #12647 - Wrong default action value in get_pageid_or_alias_from_url
- FR #12638 - ability to add CSP headers on the backend: currently weak restrictions: self with script-src and script-src-elem set to unsafe-inline (optionally set on config admin_csp_header);
- BR #12661 - fix page_selector allow_all parameter and set default to false;
Content Manager 1.1.12
- BR #12635 - Apply button is shown for non-existing page;
- BR #12474 Taking the default page down by accident through the content type;
File Manager 1.6.16
- BR #12659 - FileManager upload Warning bug fix;
FilePicker 1.0.7
- BR #12621 - FilePicker upload bug;
- BR #12659 - FilePicker upload Warning bug fix;
Navigator 1.0.10
- BR #12528 Navigator call doesn't clear excluded prefixes in some situations
Version 2.2.18 - Apex
-------------------------------
Core - General
- Fallback function CMSMS\strftime. PHP Intl extension still recommended. The fallback solves issues on hosts that don't install it by default and don't allow users to install it.
Version 2.2.17 - Iqaluit
-------------------------------
Core - General
- BR #12529 - Cacheable Pages have Bad Header Last-Modified;
- BR #12543 - Lib file corrections;
- BR #12618 - HasChildren() is broken;
- BR #12587 - can't uninstall modules;
- Compatibility fixes for PHP 7, 8.0 and 8.1;
- Smarty upgraded to version 4.2.1;
Note: Smarty 2 syntax is still supported, but deprecated
- Add function CMSMS\strftime to replace deprecated PHP function. PHP Intl extension recommended to support this.
- Enabled use of PHP functions trim,ltrim,rtrim in smarty templates
- PHPMailer upgraded to version 6.6.0.
- fixes BR #12529 Cacheable Pages have Bad Header Last-Modified;
- added module's support for arrays in parameters;
- Fixes to cms_mailer class mainly in terms of proxy design pattern getters and setters and autotls settings;
- Smarty security policies changes: due to some modifications in the way updated Smarty now behaves, all static classes need to be registered for its use to be allowed in templates.
Content Manager 1.1.10
- Differentiate new page from cloned page.
- Compatibility fixes for PHP 7, 8.0 and 8.1.
Design Manager 1.1.10
- BR #12545 - Module: DesignManager typo info on top file.
- fixes typo BR #12545
- Compatibility fixes for PHP 7, 8.0 and 8.1.
FilePicker 1.0.6
- BR #12539 - Module FilePicker 1.0.5 files corrections.
- Compatibility fixes for PHP 7, 8.0 and 8.1.
Module Manager 2.1.9
- BR #12541 - Module ModuleManager 2.1.8 : corrections + compatible php 7.1.0 to 8.1.4.
News 2.51.12
- BR #12543 - Lib file corrections.
- Compatibility fixes for PHP 7, 8.0 and 8.1.
FileManager 1.6.13
- Compatibility fixes for PHP 7, 8.0 and 8.1.
Version 2.2.16 - Truro
-------------------------------
Core - General
- BR #12370 - Admin Log-Download : now downloading the log honors all filters but doesn't process paging
- BR #12437 - Installer won't allow "<" symbol in database password
- BR #12457 - Event Manager empty list when mysql mode only_full_group_by
- BR #12484 - Cannot exit after Run UDT
- BR #12495 - MySQL 8.0.2+ breaks groups without table prefix
- BR #12499 - adminlog.tpl Wrongly formed date
- BR #12500 - NameQuote function does not work properly
- BR #12504 - Function call notification.
- Fixed an issue with specific characters in a content block tab name breaking the editor
- Adjust regex's incompatible with PCRE2
- Avoid deprecated strftime() - deploy new replacement function locale_ftime() and new modifier-plugin localedate_format
- A number of fixes for PHP 8 compatibility
Admin Search v1.0.6
- BR #12443 - Admin Search fails on some searches with default mysql mode only_full_group_by (mysql 5.7.5+).
- Removed license and copyright notices from module help text.
- Escaping the search input field values.
- More content object attributes are searched.
- User Defined Tags can be searched.
- Only places a user has permission to search are shown in the filter list (cached!).
Content Manager v1.1.9
- Fix menu text/title setting.
FileManager v1.6.12
- BR #12435 - Replacing an image file in filepicker doesn't update thumbnail.
FilePicker v1.0.5
- FR #12483 - Additional FilePicker Help for usage as Content Block.
Navigator v1.0.9
- BR #12456 - Navigator breadcrumbs with default page hidden from menu causes PHP notice.
Search v1.53
- Added 'Manage Search' permission;
- BR #12391 - Core search issue page/entry titles that start with numbers;
Phar Installer v1.3.15
- Fixed BR #12437 - Installer won't allow "<" symbol in database password;
- Added Russian lang file to installer;
- use locale_ftime() instead of deprecated strftime();
- escape name of groups table, to prevent reserved-word conflict when table-prefix is empty;
- alterations to the links in final step: we now privilege links to CMSMS channels of contact and support;
Version 2.2.15 - Bonaventure
-------------------------------
Core - General
- BR #12287 - Admin shortcuts popup refers to IRC.
- BR #12292 - showbase parameter of metadata tag doesn't accept boolean value.
- BR #12303 - No date displayed in the admin + category id not incremented.
- BR #12305 - Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.
- BR #12311 - log_performance_info - undefined variable: queries.
- BR #12313 - 5 Stored XSS vulnerabilities in Settings - Content Manager.
- BR #12317 - XSS on Settings News Module.
- BR #12325 - Several XSS vulnerabilities.
- BR #12335 - User pref admin homepage not properly displayed under certain conditions.
- BR #12337 - GetContentBlockFieldInput $adding always false.
- BR #12338 - Allow http/2 responses.
- BR #12357 - Filepicker dropzone size issue.
- FR #12345 - More user friendly admin session handling (partly implemented).
- FR #12349 - Swap tabs on System Maintenance page.
- Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.
- (Error) messages in OneEleven won't dismiss on click.
- Fix to Admin redirection after login on Windows platform.
- Fix to the module API redirection to support arrays in parameters.
FileManager v1.6.12
- Dropzone improvement like core FilePicker.
FilePicker v1.0.5
- BR #11673 - FilePicker will not show svg images, when in the Content Manager.
- BR #12312 - Stored XSS vulnerability in File Picker.
News v2.51.11
- Minor code fix to encoding title content.
- BR #12322 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- BR #12325 - Several XSS vulnerabilities.
Design Manager v1.1.9
- Minor fixes for PHP warnings\notices;
Module Manager v2.1.8
- BR #12291 - Reflected Cross site scripting
- BR #12324 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- Increased the Download Chunk Size field size to 4.
MicroTiny v2.2.5
- BR #12351 - Escaping translation strings in tinymce_config.js.
Search v1.52
- FR #11886 - Include module and modulerecord fields for content pages.
Phar Installer v1.3.13
- Fixes to the reload button: now prevents browser's caching
- BR #11591 - fixed: Phar installer doesn't work with OPCache enabled
Version 2.2.13 - Moosomin
-------------------------------
Core - General
- Explicitly add a function or two to the allowed functions in PHP secure mode.
DesignManger v1.1.7
- Fix a warning in PHP 7.3+
FileManager v1.6.10
- Fix minor XSS vulnerabilities in FileManager.
News v2.51.8
- Fix a security issue in the default action with the idlist param
(This version was also separately released in the forge)
Version 2.2.12 - Osoyoos
-------------------------------
NOTICE: Due to the nature of the security issue fixed in FileManager after upgrading you should change your database password.
Core - General
- Fix warning in cms_html_entity_decode
FileManager v1.6.9.1
- Security fixes for view action.
Copyright 2K16 - 2K18 Indonesian Hacker Rulez